How to recover a hacked Gmail account

Bad news, you’ve just found out your Gmail account has been hacked. It’s an incredibly frustrating feeling losing control, but don’t fret, there are steps you can perform to help redeem the situation. There is light at the end of the tunnel.

There are so many ways someone else could have gained access to your account, with phishing emails and keyloggers being particularly nasty culprits. The first thing you should do after noticing some suspicious activity is to try and log into the account as soon as possible.

I can still log into my account – now what?

If you can log in, great news! But don’t breathe a sigh of relief just yet. Change your password immediately and make sure to check that your secondary email or security question hasn’t been changed too. Quick thinking is how you can get your account back in your control.

In order to do this, you want to go to myaccount.google.com and click on the Sign-in & security tab. From here, you ought to change your password and recovery options as well as enable security alerts to warn you should this happen again. Make sure to change passwords on any account that is linked to your Gmail, or any account that uses the same password.

You should also contact any friends or family on your contact list and let them know that your email was compromised, warning them that they may receive some dodgy emails from you if they haven’t already. You don’t want this to snowball and happen to them too.

What to do if you no longer have access to your account

So you no longer have access to your account and whoever does has changed your password. Thankfully, Google has a pretty decent account recovery procedure, so hopefully you’ll be back up and running with your account in no time.

First things first, you need to go to google.com/accounts/recovery to start your account recovery process with Google. From here, you can reset your password if you have a secondary email associated with the account or a security question/answer that hasn’t been changed.

If your secondary email address has been changed, you are going to want to select the ‘I’m having other problems signing in’ option, enter your affected email address and click continue.

From here you might be asked to enter a CAPTCHA and choose the ‘I think someone else is using my account’ option. Click the ‘If you can’t access your account’ dropdown and you’ll have to fill in the account recovery form. Google should now be able to help guide you through a recovery process and will get back to you in order to help get your account back.

Make sure to do a security checkup

Now that you’ve gained access to your account again, now is the time to perform a security checkup to find out what happened. To do this, you’re going to want to go to myaccount.google.com again and click Sign-in & security. Here you can perform a security checkup and can add recovery details, check recent security events, check connected devices and check account permissions.

It’s also worth mentioning that you can also find your last account activity at the bottom of your Gmail page on the right too.

Enabling two-step verification

The best advice we can offer to make your Gmail account more secure is to make sure two-step verification is turned on. This gives your account an extra layer of protection, with a would-be attacker needing more than just your password to log in. It’s pretty much like having an extra shielded front door, behind your existing front door at your home, guarding your beloved possessions.

What this means is that when you sign into your account on a new device, you’ll be asked for a verification code too, which is then sent to your phone via text message, phone call or the authenticator app. Even if attackers have your password, they’re unlikely to have access to your phone as well and so can’t successfully sign in.

Make sure to read our handy guide on How to use Google 2-Step verification to protect your internet accounts.